Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ninja forms vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2018-20980
The ninja-forms plugin prior to 3.2.15 for WordPress has parameter tampering.
Ninjaforms Ninja Forms
9.1
CVSSv3
CVE-2018-20981
The ninja-forms plugin prior to 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests.
Ninjaforms Ninja Forms
6.1
CVSSv3
CVE-2020-12462
The ninja-forms plugin prior to 3.4.24.2 for WordPress allows CSRF with resultant XSS.
Ninjaforms Ninja Forms
NA
CVE-2015-2220
Multiple cross-site scripting (XSS) vulnerabilities in the Ninja Forms plugin prior to 2.8.9 for WordPress allow (1) remote malicious users to inject arbitrary web script or HTML via the ninja_forms_field_1 parameter in a ninja_forms_ajax_submit action to wp-admin/admin-ajax.php ...
Ninjaforms Ninja Forms
8.6
CVSSv3
CVE-2018-16308
The Ninja Forms plugin prior to 3.3.14.1 for WordPress allows CSV injection.
Ninjaforms Ninja Forms
4.8
CVSSv3
CVE-2021-36827
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Saturday Drive's Ninja Forms Contact Form plugin <= 3.6.9 at WordPress via "label".
Ninjaforms Ninja Forms
6.1
CVSSv3
CVE-2018-19796
An open redirect in the Ninja Forms plugin prior to 3.3.19.1 for WordPress allows Remote malicious users to redirect a user via the lib/StepProcessing/step-processing.php (aka submissions download page) redirect parameter.
Ninjaforms Ninja Forms
6.1
CVSSv3
CVE-2017-18574
The ninja-forms plugin prior to 3.0.31 for WordPress has insufficient HTML escaping in the builder.
Ninjaforms Ninja Forms
8.8
CVSSv3
CVE-2021-24163
The AJAX action, wp_ajax_ninja_forms_sendwp_remote_install_handler, did not have a capability check on it, nor did it have any nonce protection, therefore making it possible for low-level users, such as subscribers, to install and activate the SendWP Ninja Forms Contact Form &nda...
Ninjaforms Ninja Forms
6.1
CVSSv3
CVE-2021-24165
In the Ninja Forms Contact Form WordPress plugin prior to 3.4.34, the wp_ajax_nf_oauth_connect AJAX action was vulnerable to open redirect due to the use of a user supplied redirect parameter and no protection in place.
Ninjaforms Ninja Forms
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »